CWE-453: Insecure Default Variable Initialization

admin, 2021-12-12 05:46:56

Structure: Simple

Abstraction: Variant

Status: Draft

Likelihood of Exploit: unknown

Description

The software, by default, initializes an internal variable with an insecure or less secure value than is possible.

Related Weaknesses

  • ChildOf CWE-1188 (View 1000, Ordinal: Primary)

  • ChildOf CWE-1188 (View 699, Ordinal: Primary)

Applicable Platforms

Language: PHP (Prevalence: Sometimes); Language-Independent (Prevalence: Undetermined)

Common Consequences

Scope: Integrity
Impact: Modify Application Data
Note: An attacker could gain access to and modify sensitive data or system information.

Potential Mitigations

System Configuration

Strategy:

Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.

Example Code

This code attempts to log in a user using credentials from a POST request:

bad PHP


    // $user and $pass automatically set from POST request
    if (login_user($user,$pass)) {
        $authorized = true;
    }
    ...
    if ($authorized) {
        generatePage();
    }

Because the $authorized variable is never initialized, PHP will automatically set $authorized to any value included in the POST request if register_globals is enabled. An attacker can send a POST request with an unexpected third value 'authorized' set to 'true' and gain authorized status without supplying valid credentials.

Here is a fixed version:

good PHP

    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $authorized = false;
    if (login_user($user,$pass)) {
        $authorized = true;
    }
    ...

This code avoids the issue by initializing the $authorized variable to false and explicitly retrieving the login credentials from the $_POST variable. Regardless, register_globals should never be enabled and is disabled by default in current versions of PHP.
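The two versions above can be compared side by side on current PHP with the following added example, which is not part of the CWE entry. It assumes a constructed demo account, a stub login_user(), and hypothetical handler names; extract() stands in for register_globals (removed in PHP 5.4.0) because it copies request keys into local variables in the same way, so the insecure-default pattern still applies wherever extract() is called on request data.

```php
<?php
// Added example. The account, login_user() stub and handler names are constructed.

// Deployment check: refuse to run if a legacy runtime still has register_globals on.
// On PHP >= 5.4 the directive no longer exists and ini_get() returns false.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    exit("register_globals is enabled; refusing to start\n");
}

// Stub credential check standing in for the page's login_user().
function login_user($user, $pass): bool {
    return is_string($user) && is_string($pass)
        && hash_equals('alice', $user) && hash_equals('s3cret-demo', $pass);
}

// Insecure default: $authorized has no value of its own, so whatever the
// request supplies becomes its initial value. extract() copies request keys
// into local variables the way register_globals copied them into globals.
function handle_legacy(array $post): bool {
    extract($post);
    if (login_user($user ?? null, $pass ?? null)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Secure default: deny first, read only the named fields, grant on success.
function handle_hardened(array $post): bool {
    $authorized = false;
    $user = $post['user'] ?? null;
    $pass = $post['pass'] ?? null;
    if (login_user($user, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request bodies.
$requests = [
    'valid login'                 => ['user' => 'alice', 'pass' => 's3cret-demo'],
    'wrong password'              => ['user' => 'alice', 'pass' => 'guess'],
    'extra field, no credentials' => ['authorized' => 'true'],
];
foreach ($requests as $label => $post) {
    printf("%-28s legacy=%-5s hardened=%s\n", $label,
        var_export(handle_legacy($post), true),
        var_export(handle_hardened($post), true));
}
```

Only the third request separates the two handlers: the legacy one reports the request as authorized, the hardened one does not.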

Taxonomy Mappings

Mapped Taxonomy Name: PLOVER
Mapped Node Name: Insecure default variable initialization

Article sourced from the Internet: scap中文网
